Five Web App Security Predictions for 2022

The year 2021 was eventful in the cybersecurity space as businesses continued to grapple with the post-COVID explosion in all things digital. At the same time, social distancing regulations have become more relaxed in recent months, which has allowed people to once again go outside and get off their devices. Cybercriminals have capitalized on these shifts to evolve their attacks once again.

Last year, we made five predictions for 2021. We correctly predicted stronger cybercrime communities and collaborations between them, and we’ll double down on that for the coming year. As we forecast, the increased adoption of GraphQL has led to more risk there. We correctly predicted growing bot attacks on hype sales, and indeed we have seen advancing sophistication and overall growth in attacks and tools built to target these coveted items over the last year.

We also forecast that the DevSecOps function would become mainstream. It is hard to call it mainstream yet, but it is definitely trending in that direction. Lastly, we speculated that “Buy Online Pickup In-Store” (BOPIS) would become one of the fastest growing fraud types. It is definitely a vehicle for fraud, but not at the level we thought it might be as many e-commerce merchants adopted safer authentication and verification methods to address this risk.

Now it’s time to look ahead to 2022. We predict spikes in custom malware, bot attacks and post-login fraud. Businesses will expand their security focus to include not only login and payment fraud, but also other types of fraud at different stages of the digital journey. Because of this, we believe 2022 will be the year of comprehensive account protection. This means approaching security from a perspective of the user’s account integrity and providing multiple tiers of protection throughout the application journey and the account lifecycle. Along that (Read more...)